Kernel.org Breach Expands

September 13, 2011

Linux is a relatively secure operating system, but that doesn't mean Linux sites are immune to attack, as recent events have shown. While security is top of mind on the Linux Planet this week, it's not the only thing going on. This past week, there were KDE updates as well as a new proposal for moving Ubuntu Linux forward faster.

1. Linux.com hacked

Last week, the kernel.org site publicly disclosed it suffered a security breach. As it turns out, that breach didn't just affect kernel.org, it affected the Linux.com and LinuxFoundation.org websites as well.

The Linux Foundation took down its sites in the wake of the breach. Administrators are seeking out the problems and eliminating the risk. In the case of the Linux Foundation breach, usernames, emails and passwords are potentially at risk. As such, the foundation has warned users that if they use the same passwords for other sites, they should strongly consider changing them.

2. OpenSSH 5.9 Released

One of the key security technologies used in most Linux distributions is OpenSSH.

While it's not clear if the attacks on kernel.org, LinuxFoundation.org and Linux.com were directly SSH-related, SSH is a primary way that many users connect to their servers.

The new OpenSSH 5.9 release, which debuted this past week, provides new sandboxing for security. The sandbox can further restrict access within a system while still providing users the privileges they need for certain tasks.

3. KDE and GNOME Update

The KDE 4.7.1 September updates were released last week, providing stability and bug fixes for KDE users.

While KDE is fixing its current branch, GNOME is now showing off its next generation -- GNOME 3.2. Meanwhile, GNOME 3.1.91, aka GNOME 3.2 beta 2, is now available for developers.

The important thing to note about GNOME 3.2 is that it improves on the initial GNOME 3 interface. GNOME 3 introduced a new interface for users, GNOME Shell, which is a big change. It's a change not without its critics and not without its fair share of bugs.

With GNOME 3.2, bug and stability fixes are all over the place, with the intent of delivering a smoother desktop experience for GNOME users.

Generally, adoption of major new desktop releases improves with subsequent releases as technologies mature and users get more comfortable. Time will tell if that will be the case with GNOME 3.2.

4. LibreOffice Moves Away From OpenOffice

For a period of time, LibreOffice was very similar to the OpenOffice application from which it forked. That's not really the case anymore, according to LibreOffice contributor Michael Meeks.

Meeks reported that LibreOffice removed 678 files that OpenOffice currently contains. On the other side, LibreOffice has added 914 new files. Going a level deeper, there are now 2 million lines of code that differ between LibreOffice and OpenOffice.

"Seemingly, there is an assumption, that code committed to Apache OpenOffice will inevitably and automatically appear in LibreOffice," Meeks wrote. "This looks increasingly unlikely. Instead, I suspect we will end up cherry-picking and porting only those things that justify the effort, as/when/if there is any such thing."

5. Ubuntu Monthly Releases

Ubuntu is known for its regular and long term stability (LTS) release cycle. It stands in contrast to the release cycle of distros from vendors like SUSE and Red Hat that have enterprise releases for stability and community releases for leading-edge features.

According to at least one Ubuntu developer, the current Ubuntu model doesn't move fast enough. Scott James Remnant has now suggested that Ubuntu move to a rapid release cycle of monthly releases.

No, that's not a typo.

While the Linux kernel and, now, Mozilla Firefox have rapid release cycles of two to three months, Ubuntu could possibly move even faster. That said, there are other distros that move on an even quicker cycle.

Gentoo, Arch and openSUSE Tumbleweed all use a rolling release cycle where packages are updated as they become available. Instead of waiting to produce a milestone release, the rolling release cycle always provides the latest in packages.

It's unclear at this point if or when Ubuntu might stray from its current release cadence. If it does, it will be interesting to see how Mark Shuttleworth comes up with 12 new codenames a year for Ubuntu. The next major release of Ubuntu is due out in October, codenamed the Oneiric Ocelot.